Commit graph

126 commits

Author SHA1 Message Date
Ralf S. Engelschall
84107e6ca8 Second round of fixing the OpenSSL perl/ stuff. It now at least compiled fine
under Unix and passes some trivial tests I've now added. But the whole stuff
is horribly incomplete, so a README.1ST with a disclaimer was added to make
sure no one expects that this stuff really works in the OpenSSL 0.9.2 release.
Additionally I've started to clean the XS sources up and fixed a few little
bugs and inconsistencies in OpenSSL.{pm,xs} and openssl_bio.xs.

PS: I'm still not convinces whether we should try to make this
    finally running or kick it out and replace it with some
    other module....
1999-03-08 11:25:49 +00:00
Ben Laurie
efadf60f9c Don't make links on Windoze. 1999-03-07 15:21:08 +00:00
Ben Laurie
26a0846fc1 Fix perl assembler. 1999-03-07 15:08:38 +00:00
Ben Laurie
7d3ce7ba37 Linux MIPS support. 1999-03-07 14:17:32 +00:00
Ben Laurie
cba5068d10 Always make links. 1999-03-07 14:05:36 +00:00
Dr. Stephen Henson
1756d405cc Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
1999-03-06 19:33:29 +00:00
Ralf S. Engelschall
116e315303 Add a useful kludge to allow package maintainers to specify compiler and other
platforms details on the command line without having to patch the Configure
script everytime: One now can use ``perl Configure <id>:<details>'', i.e.
platform ids are allowed to have details appended to them (seperated by
colons). This is treated as there would be a static pre-configured entry in
Configure's %table under key <id> with value <details> and ``perl Configure
<id>'' is called.  So, when you want to perform a quick test-compile under
FreeBSD 3.1 with pgcc and without assembler stuff you can use ``perl Configure
"FreeBSD-elf:pgcc:-O6:::"'' now, which overrides the FreeBSD-elf entry
on-the-fly.

(PS: Notice that the same effect _cannot_ be achieved by using
     ``make CC=pgcc ..'' etc, because you cannot override all
     things from there.)
1999-03-06 16:07:47 +00:00
Ben Laurie
bc3482442a Disable new TLS1 ciphersuites. 1999-03-06 15:21:02 +00:00
Ralf S. Engelschall
3eb0ed6d91 Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified on the `perl
Configure ...' command line. This way one can compile OpenSSL libraries with
Position Independent Code (PIC) which is needed for linking it into DSOs.
1999-03-06 14:35:03 +00:00
Ben Laurie
f415fa3243 Fix export ciphersuites, again. 1999-03-06 14:09:36 +00:00
Ralf S. Engelschall
2c6ccde1f7 just a little typo 1999-03-06 14:01:29 +00:00
Ralf S. Engelschall
0b903ec018 Cleaned up the LICENSE document: The official contact for any license
questions now is the OpenSSL core team under openssl-core@openssl.org.  And
add a paragraph about the dual-license situation to make sure people recognize
that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply to the OpenSSL
toolkit.
1999-03-06 13:29:09 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
988788f697 Permit null ciphers. 1999-03-06 12:09:36 +00:00
Dr. Stephen Henson
924acc5451 Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the
detached data encoding was wrong and free up public keys.
1999-03-05 02:05:15 +00:00
Dr. Stephen Henson
d00b7aad5a Workaround for a Win95 console bug triggered by the password read stuff. 1999-03-05 01:07:04 +00:00
Dr. Stephen Henson
9985bed331 Deleted my str_dup() function from X509V3: the same functionality is provided
by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.
1999-03-04 23:29:51 +00:00
Ralf S. Engelschall
789285aa96 Added the new `Includes OpenSSL Cryptography Software' button as
doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
button and can be used by applications based on OpenSSL to show the
relationship to the OpenSSL project.

PS: This beast caused me three hours to create, because
    of the size I had to hand-paint the 7pt fonts in Photoshop.
1999-03-04 12:55:42 +00:00
Ralf S. Engelschall
a06c602e6f Remove confusing variables in function signatures in files
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.

Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-03-04 07:54:01 +00:00
Ralf S. Engelschall
8d697db1d0 Don't install bss_file.c under PREFIX/include/. It was introduced by Eric
between SSLeay 0.8 and 0.9 and just looks useless and confusing.

Pointed out by: Lennart Bong <lob@kulthea.stacken.kth.se>
Submitted by: Ralf S. Engelschall
1999-03-04 07:47:27 +00:00
Dr. Stephen Henson
06c6849124 Fix the Win32 compile environment and add various changes so it will now compile
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
eb90a483ad Add functions to add certs to stacks, used for CA file/path stuff in servers. 1999-02-28 17:41:55 +00:00
Ben Laurie
4f43d0e71f Experiment with doxygen documentation. 1999-02-28 12:41:50 +00:00
Ralf S. Engelschall
74d7abc2ab Get rid of remaining C++-style comments which strict C compilers hate.
(Pointed out by Carlos Amengual).
1999-02-27 12:17:40 +00:00
Dr. Stephen Henson
7283ecea22 BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For
now change it to BN_RECURSION_MONT so it isn't compiled in.
1999-02-26 01:37:34 +00:00
Ralf S. Engelschall
15d21c2df4 Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
90a52cecaf Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Ralf S. Engelschall
def9f43151 Fix 'port' variable from int' to unsigned int' in crypto/bio/b_sock.c
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:54:27 +00:00
Ralf S. Engelschall
8aef252bf4 Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
from `int' to `unsigned int' because it's a length and initialized by
EVP_DigestFinal() which expects an `unsigned int *'.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:47:24 +00:00
Ralf S. Engelschall
a4ed5532a8 Don't hard-code path to Perl interpreter on shebang line of Configure
script. Instead use the usual Shell->Perl transition trick.
1999-02-25 08:48:52 +00:00
Ralf S. Engelschall
7be304acdb Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Ben Laurie
55ab3bf7f9 Add reliable BIO. 1999-02-23 21:44:34 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Ben Laurie
0849d13811 Add syslogging BIO. 1999-02-22 21:21:08 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Dr. Stephen Henson
deff75b634 Add preliminary user level config documentation for extension stuff. Programming
info will come later...

Feel free to reformat and tidy this up...
1999-02-21 17:41:08 +00:00
Dr. Stephen Henson
0c8a1281d0 Make RSA_NO_PADDING really use no padding.
Submitted by: Ulf Moeller <ulf@fitug.de>
1999-02-21 17:39:07 +00:00
Ben Laurie
4004dbb7f6 Generate errors when public/private key check is done. 1999-02-20 11:50:07 +00:00
Dr. Stephen Henson
0ca5f8b15c Overhaul 'crl' application, add a proper X509_CRL_print function and start
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Dr. Stephen Henson
3d8accc3ae Fuller authority key id support, partial support for private key usage extension
and really fix the ASN.1 IMPLICIT bug this time :-)
1999-02-17 23:21:01 +00:00
Ben Laurie
a49498969e Add OAEP. 1999-02-17 21:11:08 +00:00
Mark J. Cox
413c4f45ed Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Dr. Stephen Henson
388ff0b076 Add support for raw extensions. This means that you can include the DER encoding
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
1999-02-14 16:48:22 +00:00
Ralf S. Engelschall
6013fa8395 Make sure latest Perl versions don't interpret some generated C array as Perl
array code in the crypto/err/err_genc.pl script.

Submitted by: Lars Weber <3weber@informatik.uni-hamburg.de>
Reviewed by: Ralf s. Engelschall
1999-02-14 13:21:52 +00:00
Dr. Stephen Henson
5c00879ef0 More Win32 fixes and upsdate INSTALL.W32 documentation. 1999-02-14 00:40:13 +00:00
Dr. Stephen Henson
9becf66621 Oops... add other changes this time too. 1999-02-13 23:13:32 +00:00
Ben Laurie
4e31df2cd7 Fix ghastly DES declarations, and all consequential warnings. 1999-02-13 18:52:38 +00:00
Dr. Stephen Henson
e4119b9311 Fix typo in asn1.h (PRINTABLESTRING_STRING) and fix a bug in object creation
perl script. It failed if the OID had any zeros in it.
1999-02-13 17:15:32 +00:00